N
Novu14mo ago
vinman8866

AWS SES Email Unexpected Provider Error

I have been attempting to set up AWS SES to send email notifications but when attempting to send a test email in the application, I receive an unexpected provider error. My SES is in the sandbox environment but the email I am sending from and sending to (in the test functionality on the Novu dashboard) are both verified identities. The user is a specifically created IAM user with the following permissions (I have removed the sensitive account and email address: { "Statement": [ { "Action": [ "ses:SendEmail", "ses:SendRawEmail" ], "Effect": "Allow", "Resource": [ "arn:aws:ses:eu-west-2:<ACCOUNT>:identity/<THE-EMAIL-ADDRESS>" ] } ], "Version": "2012-10-17" } The email address I provide for the From Email Address (in the Novu dashboard) is the same as the resource email address above. And the region I have entered is also eu-west-2. I can successfully send a test email from the from email address to the email address I am trying to send to using the AWS Console. My assumption is some issue with permissions? The ID sent on the email payload is: 6526d85082262bbc90cda146 The response is: {"message":"Unexpected provider error","error":"Bad Request","statusCode":400}
10 Replies
vinman8866
vinman8866OP14mo ago
I tested out with a different user (with admin privileges) and it works. So I just need a clearer idea of what IAM actions/policy needs to be provided to support emails
Pawan Jain
Pawan Jain14mo ago
Hi @vinman "ses:SendEmail", "ses:SendRawEmail" permission should be enough to send email Do you see error details with this error? "message":"Unexpected provider error","error":"Bad Request","statusCode":400} if you click on show details option in activity feed
vinman8866
vinman8866OP14mo ago
Thanks for the support @Pawan Jain I don't see anything in the activity feed - I found this error by using the chrome dev tools
Pawan Jain
Pawan Jain14mo ago
Did you use test option in email editor or you triggered the workflow?
vinman8866
vinman8866OP14mo ago
okay so the issue is specifically on the resource in the IAM policy changing it from: "Resource": [ "arn:aws:ses:eu-west-2:<ACCOUNT>:identity/<THE-EMAIL-ADDRESS>" ] to: "Resource": [ "*" ] makes it work - but I want to be more restrictive In addition to the identity - do you know what other resources need to be enabled?
Pawan Jain
Pawan Jain14mo ago
Let me check
vinman8866
vinman8866OP14mo ago
thank you just as an update, i updated the resource to the following and it now works: "arn:aws:ses:eu-west-2:<ACCOUNT>:identity/*
Novu_Bot
Novu_Bot14mo ago
@vinman, you just advanced to level 1!
Pawan Jain
Pawan Jain14mo ago
Thanks @vinman , we will document it on ses page
Linear
Linear14mo ago
Want results from more Discord servers?
Add your server